Securing an HP LaserJet printer with Let’s Encrypt

Installing a TLS (or SSL) certificate on an HP LaserJet printer

The fantastic and free Let’s Encrypt service lets you issue TLS (SSL) certificates to as many devices as you want. It’s perfect for a home or small office environment.

The Let’s Encrypt service needs to validate that you are in control of the device you’ve requested a certificate for. Most of the time, it’s fine to serve up a single file from your server. What if you can’t actually serve arbitrary files from your device?

There is a way around this – you can use a TXT (text) record in DNS to authenticate the device, and that’s what I did.


I’ve used certbot to generate my certificate:

certbot -d host.example.com --manual --preferred-challenges dns certonly

Note down the TXT record that appears and add it to your DNS server, and you’re done.

My printer wants the certificate and private key in a PKCS#12 bundle, a bit like a ‘zip’ or ‘tar’ archive. This isn’t obvious, but it can be done with this command:

openssl pkcs12 -export -out certificate.pfx -inkey config/live/host.example.com/privkey.pem -in config/live/host.example.com/cert.pem

You’ll be asked for a passphrase, and the key and certificate will be in certificate.pfx. You can load this into the printer by hand, or automatically with a single command.
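
Before loading the bundle, it is worth confirming that it opens with your passphrase, that the private key inside matches the certificate, that the certificate covers the printer's hostname, and that it is not about to expire. The script below is an added example, not part of the original post; the function names, the PFX_PASS environment variable and the throwaway self-signed sample bundle are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check a PKCS#12 bundle before loading it into the printer.
# The passphrase comes from the PFX_PASS environment variable (an assumption
# of this example) so it stays out of the process list and shell history.

# Leaf certificate from the bundle, PEM on stdout.
pfx_cert() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nokeys -clcerts 2>/dev/null
}

# Public key derived from the private key stored in the bundle.
pfx_key_pubkey() {
    openssl pkcs12 -in "$1" -passin env:PFX_PASS -nocerts -nodes 2>/dev/null |
        openssl pkey -pubout 2>/dev/null
}

# check_pfx FILE HOSTNAME MIN_DAYS: returns 0 only if every check passes.
check_pfx() {
    cert=$(pfx_cert "$1")
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$(pfx_key_pubkey "$1")" ]; then
        echo "FAIL: bundle unreadable, or key does not match certificate" >&2
        return 1
    fi
    if ! printf '%s\n' "$cert" | openssl x509 -noout -checkhost "$2" |
            grep -q 'does match certificate'; then
        echo "FAIL: certificate does not cover $2" >&2
        return 1
    fi
    if ! printf '%s\n' "$cert" |
            openssl x509 -noout -checkend "$(($3 * 86400))" >/dev/null; then
        echo "FAIL: certificate expires within $3 days" >&2
        return 1
    fi
    echo "OK: key matches, covers $2, valid for more than $3 days"
}

# Constructed sample input: a throwaway self-signed bundle for offline trials.
# make_sample_pfx DIR HOSTNAME DAYS writes DIR/sample.pfx.
make_sample_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/key.pem" \
        -out "$1/cert.pem" -days "$3" -subj "/CN=$2" 2>/dev/null &&
    openssl pkcs12 -export -out "$1/sample.pfx" -inkey "$1/key.pem" \
        -in "$1/cert.pem" -passout env:PFX_PASS
}

# Usage: PFX_PASS=... sh check_pfx.sh certificate.pfx host.example.com 14
if [ $# -eq 3 ]; then check_pfx "$@"; fi
```

The .pfx file holds the printer's private key, so remove it from the workstation once the upload has succeeded.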